Effective CISSP Questions

Your company starts an in-house software development project for the customer relationship management solution. Which of the following activities is least likely to be conducted during the software development life cycle?
A. Resell the solution to external entities
B. Develop the business case for the project
C. Implement the solution without threat modeling
D. Reject the solution after user acceptance testing

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Develop the business case for the project.

A life cycle stands for “from the cradle to the grave.” The business case exists before the project is “born,” that is, before it is formally authorized and initiated.

  • It’s not uncommon to sell or resell the solution to external entities.
  • Implementing the solution after threat modeling is a good practice. However, threat modeling is not mandatory; it depends on the project management plan.
  • It’s reasonable to reject the solution after user acceptance testing, depending on the testing results.

[Figure: Project Life Cycle]



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

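Your company has started an in-house software development project for a customer relationship management solution. In the software development life cycle (SDLC), which of the following activities is least likely to be conducted?
A. Resell the solution to external entities
B. Develop the business case for the project
C. Implement the solution without threat modeling
D. Reject the solution after user acceptance testing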
